Risky Business

Risky Business #713 -- Microsoft activates PR weasels after State Department hack

Listen Later

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Microsoft’s weasel-word response to the State Department email hack
  • JumpCloud got owned, maybe by DPRK
  • Citrix 0day is getting stuff rekt
  • Two more spyware firms sanctioned by USA
  • Scammers list fake phone numbers for major airlines on Google Maps
  • Much, much more

    • This week’s show is brought to you by security focussed enterprise browser maker Island. Dan Amiga, Island’s CTO and co-founder, is this week’s sponsor guest. He talks about why widespread enterprise browser deployment is inevitable.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

    Show notes
    • China-based hackers breach email accounts at State Department
    • Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts | Cybersecurity Dive
    • Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
    • Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection | Mandiant
    • Hackers target Pakistani government, bank and telecom provider with China-made malware
    • Risky Biz News: JumpCloud compromised by APT group
    • Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns | Ars Technica
    • CISA warns of dangerous Rockwell industrial bug being exploited by gov’t group
    • Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products | Cybersecurity Dive
    • CISA gives US civilian agencies until August 1 to resolve four Microsoft vulnerabilities
    • Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service
    • White House unveils consumer labeling program to strengthen IoT security | Cybersecurity Dive
    • Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity
    • Two more foreign spyware firms blacklisted by US
    • Phone numbers for airlines listed on Google directed to scammers
    • By criminals, for criminals: AI tool easily generates ‘remarkably persuasive’ fraud emails
    • Itamar Golan 🤓 on Twitter: "A malicious LLM-based tool known as WormGPT 🪱 is rapidly gaining traction in underground forums. This tool empowers attackers to automate sophisticated phishing and BEC (Business Email Compromise) attacks, leveraging personalized fake emails to significantly enhance success… https://t.co/fAcrYhT696" / Twitter
    • FCC chair proposes $200M investment to boost K-12 cybersecurity | Cybersecurity Dive
    • Fed ends Capital One breach-related enforcement action | Cybersecurity Dive
    • Norwegian Refugee Council hit by cyberattack
    • Belarus-linked hacks on Ukraine, Poland began at least a year ago, report says
    • Albania’s PM complains US is not providing country with cyberdefense funds
    • VirusTotal: Datenleck offenbart Kunden der Google-Sicherheitsplattform - DER SPIEGEL
    • Genesis Market sold to anonymous buyer despite FBI disruption
      • ...more
      View all episodesView all episodes
      Download on the App Store
      Risky BusinessBy Patrick Gray
      • 4.6
      • 4.6
      • 4.6
      • 4.6
      • 4.6

      4.6

      352 ratings

      More shows like Risky Business

      View all
      Security Now (Audio) by TWiT

      Security Now (Audio)

      1,961 Listeners

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

      634 Listeners

      Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

      Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

      368 Listeners

      Hacked by Hacked

      Hacked

      176 Listeners

      CyberWire Daily by N2K Networks

      CyberWire Daily

      1,008 Listeners

      Smashing Security by Graham Cluley & Carole Theriault

      Smashing Security

      312 Listeners

      Click Here by Recorded Future News

      Click Here

      386 Listeners

      Malicious Life by Malicious Life

      Malicious Life

      923 Listeners

      Darknet Diaries by Jack Rhysider

      Darknet Diaries

      7,840 Listeners

      Cybersecurity Today by Jim Love

      Cybersecurity Today

      141 Listeners

      CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

      CISO Series Podcast

      182 Listeners

      Hacking Humans by N2K Networks

      Hacking Humans

      309 Listeners

      Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

      Defense in Depth

      71 Listeners

      Cyber Security Headlines by CISO Series

      Cyber Security Headlines

      120 Listeners

      Risky Bulletin by risky.biz

      Risky Bulletin

      33 Listeners